I'm a technology, privacy, and information security reporter and most recently the author of the book This Machine Kills Secrets, a chronicle of the history and future of information leaks, from the Pentagon Papers to WikiLeaks and beyond.
I've covered the hacker beat for Forbes since 2007, with frequent detours into digital miscellanea like switches, servers, supercomputers, search, e-books, online censorship, robots, and China. My favorite stories are the ones where non-fiction resembles science fiction. My favorite sources usually have the word "research" in their titles.
Since I joined Forbes, this job has taken me from an autonomous car race in the California desert all the way to Beijing, where I wrote the first English-language cover story on the Chinese search billionaire Robin Li for Forbes Asia. Black hats, white hats, cyborgs, cyberspies, idiot savants and even CEOs are welcome to email me at agreenberg (at) forbes.com. My PGP public key can be found here.

The gram of marijuana Forbes bought with bitcoins on the Silk Road black market. Researcher Sarah Meiklejohn was able to identify the purchase by following our bitcoins' path into the Silk Road's accounts.

To be clear, we weren’t caught by law enforcement–so far at least, our experiment last month in ordering small amounts of marijuana from three different Bitcoin-based online black markets hasn’t resulted in anyone getting arrested. But a few weeks after those purchases, I asked Sarah Meiklejohn, a Bitcoin-focused computer science researcher at the University of California at San Diego, to put the privacy of our black market transactions to the test by tracing the digital breadcrumbs that Bitcoin leaves behind. The result of her analysis: On Silk Road, and possibly on smaller competitor markets, our online drug buys were visible to practically anyone who took the time to look. “There are ways of using Bitcoin privately,” says Meiklejohn. “But if you’re a casual Bitcoin user, you’re probably not hiding your activity very well.”

Bitcoin’s privacy properties are a kind of paradox: Every Bitcoin transaction that occurs in the entire payment network is recorded in the “blockchain,” Bitcoin’s decentralized mechanism for tracking who has what coins when, and preventing fraud and counterfeiting. But the transactions are recorded only as addresses, which aren’t necessarily tied to anyone’s identity–hence Bitcoin’s use for anonymous and often illegal applications.

But Meiklejohn and her colleagues at UCSD and George Mason University have found that a little snooping in the blockchain can often uncover who owns which of those Bitcoin addresses. In a paper they’re presenting at the Internet Measurement Conference in Barcelona next month, they showed that they could use “clustering” methods taking advantage of clues in how bitcoins are typically aggregated or split up to identify thousands of addresses based on just a few test transactions they performed. With the data from just 344 of their own transactions, they were able to label the owners of more than a million Bitcoin addresses. And by making just four deposits and seven withdrawals into accounts held on Silk Road, Meiklejohn says the researchers identified 295,435 addresses as belonging to that drug market.

When I asked Meiklejohn to try to trace Forbes’ transactions, I started by giving her the Bitcoin addresses associated with our account on the popular Bitcoin wallet service Coinbase–information that could in theory be obtained by any investigating law enforcement agency that sends Coinbase a subpoena. With just that list of my public addresses, she was able to identify every transaction we had made, including deposits to the Silk Road, to competitor sites Atlantis and Black Market Reloaded, and even a transfer to the personal account of Forbes reporter Kashmir Hill. (Hill had revealed her Bitcoin address during her earlier experiment of living for a week on nothing but Bitcoin.)

To be fair, Meiklejohn had seen my story on our three experimental drug buys, which obviously informed her guesses. But her ability to identify the Silk Road transaction didn’t involve any such cheating. To spend bitcoins on sites like Silk Road, users must first deposit them in their account on the site. Meiklejohn was able to trace Forbes’ deposit to our Silk Road account by tying the deposit address to around 200 other addresses, several of which she had identified as associated with the Silk Road in her clustering analysis. After we sent .3 bitcoins to that Silk Road deposit address, the blockchain showed that our bitcoins and small amounts of bitcoins from all of those other addresses–including the known Silk Road addresses–were aggregated together in a 40 bitcoin account. That proves, Meiklejohn explains, that whoever had control of the deposit address we used also must have had control of Silk Road addresses, which means our earlier transaction could be identified as a Silk Road deposit. (See the diagram below.)

How Meiklejohn traced our Silk Road deposit: When our .3 bitcoins were aggregated into a much larger 40 bitcoin account, she was able to connect the address of our suspected deposit with hundreds of other addresses also making transfers to that account. Matching those addresses with ones she had identified as belonging to Silk Road in an earlier "clustering" analysis revealed that Forbes' deposit address must have belonged to Silk Road, too.

“Because we had such a big aggregation, we had hundreds of opportunities to have seen one of those addresses before,” says Meiklejohn. “If we could tag any of these addresses as belonging to Silk Road, your deposit address must have belonged to Silk Road as well…I had to do one query in the database to identify them as Silk Road.”
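The aggregation step described above can be sketched as clustering addresses that are spent together as inputs of one transaction, then letting a single tagged address label the whole cluster. This is an added example, not the researchers' code; the address names, transactions and tag below are constructed sample data, and treating co-spent inputs as one owner is a heuristic assumption.

```python
# Added example. All addresses and transactions below are constructed sample data.
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["buyer_wallet"], "outputs": ["deposit_addr"]},
    {"txid": "t2", "inputs": ["deposit_addr", "other_1", "other_2", "tagged_market"],
     "outputs": ["pool_addr"]},
    {"txid": "t3", "inputs": ["shop_a", "shop_b"], "outputs": ["supplier"]},
]
# Tags learned from the analyst's own test deposits and withdrawals (hypothetical).
KNOWN_TAGS = {"tagged_market": "market"}


class Clusters:
    """Union-find over addresses."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        root = addr
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[addr] != root:  # path compression
            self.parent[addr], addr = root, self.parent[addr]
        return root

    def union(self, a, b):
        self.parent[self.find(b)] = self.find(a)


def cluster_by_shared_inputs(txs):
    """Merge the input addresses of each transaction (assumed to share one owner)."""
    clusters = Clusters()
    for tx in txs:
        for addr in tx["inputs"]:
            clusters.union(tx["inputs"][0], addr)
    return clusters


def tags_for(clusters, tags, addr):
    """Tags carried by any address in the same cluster as addr."""
    root = clusters.find(addr)
    return {tag for known, tag in tags.items() if clusters.find(known) == root}


def payments_to(txs, clusters, tags, tag):
    """Transaction ids with at least one output into a cluster carrying `tag`."""
    return [tx["txid"] for tx in txs
            if any(tag in tags_for(clusters, tags, out) for out in tx["outputs"])]
```

Only inputs are merged: the output `pool_addr` stays unlabeled, and the sender's own `buyer_wallet` is not pulled into the tagged cluster, even though its payment `t1` is flagged.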

Meiklejohn’s identification of the Atlantis and Black Market Reloaded transactions, on the other hand, was based on more manual detective work and probably wouldn’t have been possible without some prior knowledge of what she was looking for. “If you hadn’t mentioned these services, just trying to guess would have been very difficult if not impossible,” she admits. But that’s only because Meiklejohn hadn’t had a chance to perform a prior analysis on Atlantis and Black Market Reloaded as she had with Silk Road, she says. “The manual inspection approach would not work in general, but if I’d had the ability to throw our whole analysis at this…who knows.”

Given how easily she traced the Silk Road transaction, I asked Meiklejohn a harder question: What if I hadn’t given her Forbes’ full list of Coinbase addresses? After all, some investigators might not be able to subpoena that data, as I assumed in our experiment. I proposed a situation in which she instead only had the initial address Coinbase created for Forbes, an address that might be shared with anyone sending bitcoin payments to our account. Her answer: Even then, Meiklejohn would have been able to see that we’d transacted with the Silk Road, based on a withdrawal from a known Silk Road address to that single Coinbase address.

Despite what Meiklejohn was able to prove about Bitcoin’s traceability, the experiment also shows the limits of tracing those underground transactions. Once our bitcoins had been mixed up with other users’ bitcoins in the Silk Road’s 40 bitcoin account, it became impossible to track them further. So even though Meiklejohn could show that we had deposited bitcoins into a Silk Road account, she couldn’t see that those bitcoins were later paid to a drug dealer–in this case one known as the “DOPE man” who mailed us a gram of marijuana.

That conclusion holds–at least in part–with the privacy claims of the Dread Pirate Roberts, the pseudonymous administrator of the Silk Road who I interviewed for a story published last month. “We employ an internal tumbler for when vendors withdraw their payments, and a more general mix for all deposits and withdrawals,” he told me when I asked about tracing Silk Road transactions in the blockchain. “This makes it impossible to link your deposits and withdrawals and makes it really hard to even tell that your withdrawals came from Silk Road.”

Though Meiklejohn may have offered evidence contradicting the last part of Roberts’ statement–she easily identified our withdrawal from the Silk Road–the site’s mixing of bitcoins may still offer some superficial protection to users. There may not be anything clearly illegal, after all, about merely storing bitcoins in a Silk Road account–the site does offer plenty of legal products as well as contraband. “Everything that happens internally on the Silk Road is completely opaque, and the coins you withdraw are fairly unrelated to the ones that come out,” she says.

And the final lesson of Meiklejohn’s experiment is that Bitcoin users seeking privacy should be careful about revealing their addresses in public or using a subpoenable Bitcoin service like Coinbase that might connect their Bitcoin addresses and real names. If we had taken the extra consideration of shuffling our bitcoin expenditures through other addresses created with desktop-based wallet software, or gone to the further effort of sending them through a bitcoin “laundry service” such as Bitlaundry, Bitmix or Bitcoinlaundry, tracing them would have become much harder or even impossible.

“There’s this tension between anonymity and usability with Bitcoin,” says Meiklejohn, pointing to desktop Bitcoin clients like MyWallet that are less convenient than Coinbase but offer greater privacy. “If you’re an amateur Bitcoin user and you don’t want to mess with complicated Bitcoin clients and just use an online service, your anonymity is quite a lot less than what you might imagine.”


Comments

The key here was the aggregation. However, there is no reason to do that because a Bitcoin wallet program is an offline thing that aggregates the balances of all your addresses for you. Many people confuse things and think your wallet is on the blockchain, it is not, only individual addresses.

“Any seller on there could easily be an agent. You have to provide your address to get the goods, so easy to get caught.”

Ok, so let’s follow this logic through; you buy some BTCs, you deposit these in a silk road account, you find a drug you want (I dunno, crack or something), you order it and send your address to the vendor, which turns out to be the DEA. Then what? The DEA are going to turn up at your house and arrest you for *not* having drugs? What exactly are they going to do then, other than expose themselves as fake drug dealers? As far as I am aware you can only be arrested for possession of drugs, not for being an idiot and getting ripped off. Maybe the dealers do rip off customers, but considering how long it’s been around now (from the linked DPR interview) I’m guessing it wouldn’t be that successful if it was easy to scam a lot of people… in fact, thinking about it, that goes for your DEA honeytrap idea too…

I’m not saying it’s a good idea to buy anything from there (though I do like the idea of a currency like BTCs, free of the central banks), but to suggest that any drug-enforcement agency is going to be setting up fake vendor accounts is stupid. Same goes for setting up buyer accounts and buying stuff – what would it prove? In fact, I wouldn’t be at all surprised to find out that they cared about neither buyers or vendors on such websites, but were deeply interested in the people behind the websites in the first place….

First, there is such thing as conspiracy to possess/distribute narcotics. They can charge you under that. Second, someone new to the site could order a product from a vendor without an established history. LE could mail the drugs to your address and once you accept the package, they arrest you. Wouldn’t be hard to set up a sting that way. Lastly, there is a chance that your package gets intercepted in the mail from a legit buyer and seller. At that point, LE allows the package to continue. Once the recipient accepts it, they’ve got you for possession.

To say that law enforcement isn’t interested is ignorant. Silk Road has been all over the news lately, specifically after Senator Schumer stated, “Silk Road is the most brazen attempt to peddle drugs online that we have ever seen … by light-years.” It is on law enforcement’s radar, and much like the Mega Empire, they’re going to do anything in their power to shut it down.

And yes that may be so but, one thing here did you know every seller on there has to pay a 400$ bond just to sell on there and don’t get the money back till 50 people say they are legit? Doubt many law enforcement people are willing to put that much money down just to arrest a couple people before someone tips the other members off about them…

As the report indicates, it is not very easy to track the transactions, particularly after they have been “deposited” into the recipient’s bitcoin account. The Bitcoin phenomenon has outlasted some of the best hackers for over 4 years ( http://chopra-m.blogspot.com/2013/08/change-in-your-wallet-bitcoins-and.html) and that in and of itself is quite an achievement. The fact that some of these underground sites continue to only accept digital currencies is also somewhat contra, because if anonymity was compromised – they would all be running for the hills and they are not. Finally, many of us will recall that the first commercial application on the internet was – pornography. Today’s internet is a far cry from those early days. I think the dark usage of the early adopters of digital currency phenomenon, is just that – early days. Just you wait and see how this develops. I think when the Germans legitimized bitcoins for private transactions, they were really not talking about the Silk Road.

I appreciate Forbes deciding to cover Bitcoin more and more these days. But I have yet to see a single article about the new and emerging digital currency Goldcoin (GLD) that’s taking the World by storm. It’s much better positioned for mainstream consumer appeal due to its name and innovative development team. Luckily for the reader, it can still be purchased rather cheaply on the Cryptsy exchange.

Sorry I just had to reply to this joke… GLD taking the world by storm??? It is worth 0.00000007 BTC (Bitcoin) the least valuable of almost all the Alternate CryptoCurrencies… what about LTC (Litecoin), DGC (DigitalCoin), FTC (FeatherCoin), CGB (CryptogenicBullion), ANC (AnonCoin), CPR (CopperBars), and I could list about 60 more valuable than GDC!!!

Really Greg, no one takes Goldcoin seriously. I respect what you’re trying to do with Goldcoin but its appeal is limited due to using the scrypt algorithm which is difficult to secure and easily time traveled. Good luck with it though. Maybe you can supplant litecoin lol

This is not all entirely accurate. Silkroad also runs a public mixer as well as Blockchain.info (which uses the silkroad mixer I believe). You have the option to send your coins through this mixing service which goes through silkroad addresses but does not necessarily get used to purchase drugs or even do business with silkroad. While you could say the address that you sent to was a silkroad address, it might be their mixer which is designed to give enough volume so as to offer deniability to users. So, you can track coins it’s true- but the second coins go into large mixers or through exchanges or mixed wallet services, you can’t say for sure where the coins went or for whom they went to. 1 BTC goes in, and 1 BTC goes out, but not at the same time, nor in the same amount (the 1btc out payment can be split up over multiple addresses, etc…). It’s trickier than it’s being made out to be.